From d12e90b30bf3408c4c04ce0f0f12759d7a37d166 Mon Sep 17 00:00:00 2001
From: Renovate Bot <renovate-bot@fukurokuju.dev>
Date: Sun, 16 Nov 2025 02:11:42 +0000
Subject: [PATCH 1/7] chore(deps): update helm release postgres to v1.6.0

---
 k8s/argo-apps/psql.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/k8s/argo-apps/psql.yaml b/k8s/argo-apps/psql.yaml
index 96bf839..9ec41d0 100644
--- a/k8s/argo-apps/psql.yaml
+++ b/k8s/argo-apps/psql.yaml
@@ -10,7 +10,7 @@ spec:
     server: 'https://kubernetes.default.svc'
   sources:
     - chart: postgres
-      targetRevision: 1.3.6
+      targetRevision: 1.6.0
       repoURL: https://groundhog2k.github.io/helm-charts/
       helm:
         valuesObject:

From 83d2ed914142884721e48bb9215dd2805c9d19b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?c=C4=83t=C4=83lin?= <catalin@roboces.dev>
Date: Mon, 17 Nov 2025 21:53:42 +0100
Subject: [PATCH 2/7] feat: add rustical

---
 docker/rustical/docker-compose.yml | 17 +++++++++++++++++
 tofu/authentik/main.tf             | 13 ++++++++++++-
 tofu/authentik/vars.tf             | 14 ++++++++++----
 3 files changed, 39 insertions(+), 5 deletions(-)
 create mode 100644 docker/rustical/docker-compose.yml

diff --git a/docker/rustical/docker-compose.yml b/docker/rustical/docker-compose.yml
new file mode 100644
index 0000000..662a7df
--- /dev/null
+++ b/docker/rustical/docker-compose.yml
@@ -0,0 +1,17 @@
+---
+services:
+  rustical:
+    image: ghcr.io/lennart-k/rustical:0.10.5
+    ports:
+      - '4000:4000'
+    volumes:
+      - "${RUSTICAL_DATA_VOLUME:-/mnt/nas1/shared/rustical/:/var/lib/rustical/}"
+    environment:
+      RUSTICAL_OIDC__NAME: ${RUSTICAL_OIDC_NAME:-Authentik}
+      RUSTICAL_OIDC__ISSUER: ${RUSTICAL_OIDC_ISSUER:-https://auth.fukurokuju.dev/application/o/rustical/}
+      RUSTICAL_OIDC__CLIENT_ID: ${RUSTICAL_OIDC_CLIENT_ID}
+      RUSTICAL_OIDC__CLIENT_SECRET: ${RUSTICAL_OIDC_CLIENT_SECRET}
+      RUSTICAL_OIDC__CLAIM_USERID: ${RUSTICAL_OIDC_CLAIM_USERID:-preferred_username}
+      RUSTICAL_OIDC__SCOPES: '["openid", "profile", "groups"]'
+      RUSTICAL_OIDC__ALLOW_SIGN_UP: "true"
+      RUSTICAL_FRONTEND__ALLOW_PASSWORD_LOGIN: ${RUSTICAL_FRONTED_ALLOW_PASSWORD_LOGIN:-false}
diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf
index 5c0ffef..c062e8f 100644
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@@ -42,6 +42,7 @@ resource "authentik_group" "ftp" {
   is_superuser = false
 }
 
+
 module "gitea" {
   source              = "../modules/authentik-oidc"
   app_name            = "Gitea"
@@ -199,7 +200,6 @@ module "netbird" {
   app_name            = "netbird"
   app_slug            = "netbird"
   client_id           = var.netbird_client_id
-  client_secret       = var.netbird_client_secret
   client_type         = "public"
   app_access_group_id = authentik_group.vpn.id
   redirect_uris = [
@@ -223,4 +223,15 @@ module "netbird" {
   ]
   app_icon              = "https://vpn.fukurokuju.dev/apple-icon.png"
   access_token_validity = "days=10"
+  client_secret         = ""
+}
+
+module "rustical" {
+  source              = "../modules/authentik-oidc"
+  app_name            = "rustical"
+  app_slug            = "rustical"
+  client_id           = var.rustical_client_id
+  client_secret       = var.rustical_client_secret
+  redirect_uris       = [{ matching_mode = "strict", url = "https://cal.roboces.dev/frontend/login/oidc/callback" }]
+  app_access_group_id = ""
 }
diff --git a/tofu/authentik/vars.tf b/tofu/authentik/vars.tf
index 50cba45..3dca992 100644
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
@@ -44,10 +44,6 @@ variable "netbird_client_id" {
   type        = string
 }
 
-variable "netbird_client_secret" {
-  description = "Netbird client secret"
-  type        = string
-}
 
 variable "sftpgo_client_id" {
   description = "SFTPGo client ID"
@@ -58,3 +54,13 @@ variable "sftpgo_client_secret" {
   description = "SFTPGo client secret"
   type        = string
 }
+
+variable "rustical_client_id" {
+  description = "Radicale client ID"
+  type        = string
+}
+
+variable "rustical_client_secret" {
+  description = "Radicale client secret"
+  type        = string
+}

From fcb7a80d0aa13a130a3190ec50af6859310d27ed Mon Sep 17 00:00:00 2001
From: Renovate Bot <renovate-bot@fukurokuju.dev>
Date: Sun, 23 Nov 2025 02:32:34 +0000
Subject: [PATCH 3/7] chore(deps): update ghcr.io/paperless-ngx/paperless-ngx
 docker tag to v2.20.0

---
 docker/paperless/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/paperless/docker-compose.yml b/docker/paperless/docker-compose.yml
index 4bb523e..58acc07 100644
--- a/docker/paperless/docker-compose.yml
+++ b/docker/paperless/docker-compose.yml
@@ -14,7 +14,7 @@ services:
 
   webserver:
 
-    image: ghcr.io/paperless-ngx/paperless-ngx:2.19.5
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.20.0
     restart: unless-stopped
     ports:
       - 8002:8000

From 0a27275688530215e9b87360745c6c477abf0add Mon Sep 17 00:00:00 2001
From: Renovate Bot <renovate-bot@fukurokuju.dev>
Date: Thu, 27 Nov 2025 02:11:51 +0000
Subject: [PATCH 4/7] chore(deps): update code.forgejo.org/forgejo-helm/forgejo
 docker tag to v15.0.3

---
 k8s/argo-apps/forgejo.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/k8s/argo-apps/forgejo.yaml b/k8s/argo-apps/forgejo.yaml
index fdae5da..277a779 100644
--- a/k8s/argo-apps/forgejo.yaml
+++ b/k8s/argo-apps/forgejo.yaml
@@ -14,7 +14,7 @@ spec:
   sources:
     - chart: forgejo
       repoURL: code.forgejo.org/forgejo-helm
-      targetRevision: 15.0.2
+      targetRevision: 15.0.3
       helm:
         valuesObject:
           replicaCount: 2

From 6386316395d260e565fc1dc767dd038ac3be4033 Mon Sep 17 00:00:00 2001
From: Renovate Bot <renovate-bot@fukurokuju.dev>
Date: Wed, 19 Nov 2025 01:56:15 +0000
Subject: [PATCH 5/7] chore(deps): update helm release kubetail to v0.16.3

---
 k8s/argo-apps/kubetail.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/k8s/argo-apps/kubetail.yaml b/k8s/argo-apps/kubetail.yaml
index 0c6b50f..453b3b8 100644
--- a/k8s/argo-apps/kubetail.yaml
+++ b/k8s/argo-apps/kubetail.yaml
@@ -12,7 +12,7 @@ spec:
   sources:
     - chart: kubetail
       repoURL: https://kubetail-org.github.io/helm-charts/
-      targetRevision: 0.16.1
+      targetRevision: 0.16.3
       helm:
         valuesObject:
           kubetail:

From e4dbf4efaf9e36559d955415d3b2662aaf5ff99f Mon Sep 17 00:00:00 2001
From: Renovate Bot <renovate-bot@fukurokuju.dev>
Date: Thu, 27 Nov 2025 02:12:40 +0000
Subject: [PATCH 6/7] chore(deps): update helm release renovate to 45.21.*

---
 k8s/argo-apps/renovate.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/k8s/argo-apps/renovate.yaml b/k8s/argo-apps/renovate.yaml
index 940a12a..83c3d3a 100644
--- a/k8s/argo-apps/renovate.yaml
+++ b/k8s/argo-apps/renovate.yaml
@@ -13,7 +13,7 @@ spec:
   sources:
     - chart: renovate
       repoURL: https://docs.renovatebot.com/helm-charts
-      targetRevision: 45.1.*
+      targetRevision: 45.21.*
       helm:
         valuesObject:
           renovate:

From df63edbaf7d58e19d38a1bfa6f7e0454aa4a9dfa Mon Sep 17 00:00:00 2001
From: Renovate Bot <renovate-bot@fukurokuju.dev>
Date: Tue, 9 Dec 2025 02:13:01 +0000
Subject: [PATCH 7/7] chore(deps): update helm release postgres to v1.6.1

---
 k8s/argo-apps/psql.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/k8s/argo-apps/psql.yaml b/k8s/argo-apps/psql.yaml
index 96bf839..627a13c 100644
--- a/k8s/argo-apps/psql.yaml
+++ b/k8s/argo-apps/psql.yaml
@@ -10,7 +10,7 @@ spec:
     server: 'https://kubernetes.default.svc'
   sources:
     - chart: postgres
-      targetRevision: 1.3.6
+      targetRevision: 1.6.1
       repoURL: https://groundhog2k.github.io/helm-charts/
       helm:
         valuesObject: